General
Target: 00c60bb7948af8a0ca450ea8118c7d7453bf64e0d1ce1725f8dfbfa36be96d2c
Size: 801KB
Sample: 230410-yxnm7aga32
MD5: cc9c31e4f0098250714921f82f4d82c6
SHA1: dc73134f2290baa777cc0248d84a2d4ed196f094
SHA256: 00c60bb7948af8a0ca450ea8118c7d7453bf64e0d1ce1725f8dfbfa36be96d2c
SHA512: 2b1c2754db288168622fccda1182facf1f674832fc7d71ad0f972873a9e655a76410f65d07c2f26da419683adf8eb2b909f38041c624795323c9775c2ac1532b
SSDEEP: 12288:WMrMy90AZiGktDA2Bw3ZF8kS1neIUbORM9L19xK7CvGgxWL7uX0CEbhW0f/9OaLt:eyjizeB3ZS8NbHN3xfhMu3EUEoUt
Static task: static1
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
zima
176.113.115.145:4125
auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
Target: 00c60bb7948af8a0ca450ea8118c7d7453bf64e0d1ce1725f8dfbfa36be96d2c
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.